[Openstack-security] [Bug 1367022] [NEW] Un-sanitized eval may have security impact
Travis McPeak
travis.mcpeak at hp.com
Mon Sep 8 22:52:46 UTC 2014
Public bug reported:
On this line:
https://github.com/openstack/ceilometer/blob/master/ceilometer/transformer/conversions.py#L62
eval is used for some transformation. The comments nearby suggest that
it is used for a 'multiplicative factor or else a string to be eval'd'.
If an attacker is able to provide an input like
"__import__('os').system('rm -rf /etc')" the process will delete the etc
directory with the privileges of the user that is running Ceilometer.
Eval input should always be sanitized. I was unable to find any places
where this is actually used, but this should definitely be hardened.
** Affects: ceilometer
Importance: Undecided
Status: New
** Tags: security
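As an added illustration, not part of the report or of Ceilometer's own code: the eval-on-a-string pattern the report describes beside a hardened replacement that accepts either a plain numeric factor or an arithmetic expression over a single `volume` name, refusing calls, attribute access and any other syntax. The function and variable names are assumptions modelled on the report's description.

```python
import ast
import operator

# Operators a scale expression may use. Pow is deliberately left out:
# "9**9**9" would be valid arithmetic but is a CPU-exhaustion footgun.
_BIN_OPS = {
    ast.Add: operator.add, ast.Sub: operator.sub,
    ast.Mult: operator.mul, ast.Div: operator.truediv,
}
_UNARY_OPS = {ast.USub: operator.neg, ast.UAdd: operator.pos}


def unsafe_scale(volume, scale):
    """The pattern the report describes (for contrast only): a string
    scale is handed to eval, so any Python expression runs."""
    if isinstance(scale, str):
        return eval(scale, {}, {"volume": volume})
    return volume * scale


def safe_scale(volume, scale):
    """Apply a multiplicative factor, or a string scale restricted to
    arithmetic over 'volume'. Raises ValueError on anything else."""
    if not isinstance(scale, str):
        return volume * scale
    tree = ast.parse(scale, mode="eval")   # SyntaxError on malformed input
    return _eval_node(tree.body, {"volume": volume})


def _eval_node(node, names):
    """Walk the parsed expression, allowing only an explicit whitelist
    of node types; everything not matched below is rejected."""
    if isinstance(node, ast.Constant) and isinstance(node.value, (int, float)):
        return node.value
    if isinstance(node, ast.Name) and node.id in names:
        return names[node.id]
    if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
        return _BIN_OPS[type(node.op)](_eval_node(node.left, names),
                                       _eval_node(node.right, names))
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
        return _UNARY_OPS[type(node.op)](_eval_node(node.operand, names))
    # Call, Attribute (e.g. __import__('os').system), Subscript, Lambda,
    # unknown names and string constants all land here and are refused.
    raise ValueError("disallowed scale expression: %s" % ast.dump(node))
```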
https://bugs.launchpad.net/bugs/1367022